Internet and email use: frequently asked questions

Elizabeth Stevens of steeles (law) llp concludes the current series of articles on the use of internet and email in the workplace with a selection of frequently asked questions.

We are a small company with only 20 employees. Is it really necessary for us to have an internet and email policy in place?

It will depend on the nature of the business, but many organisations are now heavily dependent on their IT systems and it is, therefore, prudent for all employers to have some form of policy in place.

As well as protecting against any potential misuse of or damage to the system, having a suitable policy in place will help an employer demonstrate that it took reasonable practical steps to prevent discrimination or harassment taking place in the workplace. This may provide the employer with a defence in the event of an employee bringing a claim such as sex discrimination based on the distribution of offensive and inappropriate material by email. Provided that the employer can show that it had a robust policy in place that all staff were fully aware of and had received training in, it is less likely that it will be found to be vicariously liable for the discriminatory acts of any employee who breaches the policy.

The policy will need to be carefully tailored to the requirements of the business, specifying, for example, the extent to which personal use of the internet or email system is permitted and whether any disclaimer or confidentiality statement must be attached to emails. It is important that the policy is reviewed and updated on a regular basis to ensure, that it still reflects the company's working practices and to take account of any new technological developments. For example, many existing policies will not cover restrictions on the use of social networking sites or blogging.

Once a policy is in place, it is important to enforce the terms of the policy consistently and to deal with any potential breaches promptly, investigating thoroughly and taking appropriate disciplinary action where necessary. Staff should be trained on the contents of the policy and regularly reminded of their obligations under it, particularly when it is reviewed and updated.

How can I prevent employees from accessing the internet for non-work-related purposes?

It might be the case that some employees have no need to use the internet in order to carry out their duties, in which case internet access could be restricted to only those individuals who need it.

However, assuming the employer requires all employees to have internet access, it is important that it specifies in a policy the extent to which personal internet use is permitted. The employer may decide to restrict all use of the internet to legitimate work purposes only. In practice, however, many employers tolerate a degree of personal use, provided that this does not impact on the employees' productivity and ability to fulfil their duties. It would probably be advisable to restrict personal internet use to lunch breaks or outside normal working hours. Employees should be informed that such use is permitted as a privilege and not as a right, and can be withdrawn in the event of it being abused.

In addition, employers could put in place restrictions through the IT system to prevent employees from accessing certain websites, such as eBay, YouTube and social networking sites, to ensure that they are not tempted to spend long periods of time accessing these sites while at work. The IT manager should be able to advise on what restrictions are possible.

Are employees entitled to use emails for personal correspondence at work?

Certainly employees do not have the right to unlimited use of their employer's email system for personal correspondence, and it is advisable to place some restrictions on personal use in an internet and email policy.

It has been suggested, however, that employees should have access to some means of personal communication in the workplace. The Human Rights Act 1998 includes the 'right to respect for private and family life, home and correspondence'. In the case of Halford v United Kingdom [1997] IRLR 471 ECHR, the European Court of Human Rights suggested that employees have a reasonable expectation of privacy in the workplace. Employers are also recommended to provide workers with some means of making personal communications that are not subject to monitoring, for instance a staff telephone line or a system of sending private emails that will not be monitored.

Permitting the use of the email system for limited personal correspondence may mean that the telephone system is left largely free for business purposes, which many employers would regard as preferable to allowing employees to use the telephone for personal calls.

Can I read my employees' emails?

The legal position on the monitoring of emails is complex (see Email and internet use: writing a policy) and involves the consideration of several pieces of legislation that overlap and are, to some degree, inconsistent. There have been very few cases dealing with the interception of employee communications so it is difficult to say with any certainty how the legislation would be interpreted by the courts and tribunals in practice.

Of primary consideration is the Data Protection Act 1998 and the associated Code of Practice, which emphasises the requirement for employees to be fully informed about the extent and purposes for which any monitoring is carried out. It is much easier to justify the monitoring of email traffic (ie the volume and the senders and recipients of emails) than it is to justify monitoring the content of emails. Monitoring should always be carried out in a manner that is proportionate, bearing in mind the rights of the individuals balanced against the needs of the business.

In circumstances where an employee is absent and it is important for the business to access and open his or her emails, this is likely to be justified provided that the user is aware that his or her emails may be accessed for this purpose. For example, it would be acceptable to open emails sent to a sales executive who may receive customer orders by email during the absence. However, this would not extend to opening emails that are clearly personal.

If the employer is concerned that one of its employees may be exchanging too many personal emails, whether or not this is the case, it can be readily ascertained by monitoring the email traffic. There should be no need to look at the content of the emails.

However, if the employer has genuine concerns about the content of an email, perhaps because it may contain offensive material and the employer suspects a criminal offence may have been carried out, then it might be justifiable in these circumstances to view the contents. It would not, however, be advisable for employers to open an employee's personal emails as a matter of course.

A better approach is to try to prevent such problems arising in the first place by providing employees with thorough training on the employer's internet and email policy and ensuring that all users are fully aware of their duties and obligations. Employees should also be fully informed of the extent of any monitoring. Where practical, automatic monitoring of the flow and content of emails is preferable to personal monitoring, for example automatically blocking the sending of emails containing certain words or phrases.

Can I sack an employee for writing a blog about his or her job?

This will very much depend on the content of the blog and whether the employee has been writing it during working hours and using the employer's systems.

If the employer is clearly identifiable from the blog, and it contains defamatory statements about the organisation, its employees or customers, there will be a strong argument for claiming that the blog has brought, or has risked bringing, it into disrepute. This could give the employer good grounds for dismissing the employee. It will assist the employer's case if it has in place a policy clearly stating that inappropriate blogging about the organisation that might result in damage to its reputation will be treated as a disciplinary offence.

However, employers should remember that taking disciplinary action against an employee - even where it can be justified - can potentially increase the number of people reading the blog, if it attracts media attention. For example, in 2005 there was a report on the BBC website that Waterstone's had dismissed one of its employees for writing a derogatory blog about the company. It might, therefore, be advisable in these situations for employers to request that the page be withdrawn, by contacting the internet service provider hosting the blog.

If the employer is not identifiable from the blog, it will be more of a risk to take disciplinary action against the employee and this may be justifiable only in circumstances where the employee has been found to have spent company time writing blog posts. There may be an argument for saying that the employee is in breach of his or her implied duty of fidelity towards the employer, if the blog is critical of the employer. However, a less risky approach would be for the employer to make the employee aware of its knowledge of the blog and request that any grievances the employee has against the employer are aired through the proper grievance procedure rather than via the blog. This might at least mean that the employee curbs his or her comments in the blog.

The next topic of the week article will be an overview of the age discrimination legislation and will be published on 5 November.

Elizabeth Stevens is a professional support lawyer at steeles (law) llp (estevens@steeleslaw.co.uk)

Further information on steeles can be accessed at www.steeleslaw.co.uk